Abstract
In this paper, we present a fast attack algorithm for finding two-block collisions of the hash function MD5. The algorithm is based on the two-block collision differential path of MD5 presented by Wang et al. at the conference EUROCRYPT 2005. We found that the conditions derived for the desired collision differential path were not sufficient to guarantee that the path holds, and that some conditions could be modified to enlarge the collision set. By using the technique of small range searching and omitting the computing steps that check the characteristics in the attack algorithm, we can speed up the attack on MD5 efficiently. Compared with the Advanced Message Modification technique presented by Wang et al., the small range searching technique can correct 4 more conditions for the first iteration differential and 3 more conditions for the second iteration differential, thus improving the probability and the complexity of finding collisions. The whole attack on MD5 can be accomplished within 5 hours using a PC with a Pentium4 1.70GHz CPU.
References
Ronald Rivest. The MD5 message digest algorithm. RFC1321, April 1992, http://rfc.net/rfc1321.html.
Ronald Rivest. The MD4 message digest algorithm. RFC1320, April 1992, http://rfc.net/rfc1320.html.
B den Boer, A. Bosselaers. Collisions for the compression function of MD5. In Proc. Advances in Cryptology, EUROCRYPT’93, LNCS 765, Helleseth T (ed.), Springer-Verlag, Berlin, Germany, 1994, pp.293–304.
Dobbertin H. Cryptanalysis of MD5 compress. Rump session of Eurocrypt’96, http://www.cs.ucsd.edu/users/bsy/dobbertin.ps, 1996.
Xiaoyun Wang, Dengguo Feng, Xuejia Lai, Hongbo Yu. Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. Rump session of Crypto’04, Cryptology ePrint Archive, Report 2004/199, http://eprint.iacr.org/2004/199.pdf, 2004.
Xiaoyun Wang, Hongbo Yu. How to break MD5 and other hash functions. In Proc. Advances in Cryptology—EUROCRYPT 2005, LNCS 3494, Cramer R (ed.), Springer-Verlag, pp.19–35.
Vlastimil Klima. Finding MD5 collisions on a notebook PC using multi-message modifications. In Proc. International Scientific Conference Security and Protection of Information 2005, Brno, Czech Republic, May 3–5, 2005, http://eprint.iacr.org/2005/102.pdf.
Patrick Stach. MD5 Collision Generator. 〈pstach@stachliu.com〉, http://www.stachliu.com.nyud.net:8090/md5coll.c.
Vlastimil Klima. Finding MD5 collisions—A toy for a notebook. Cryptology ePrint Archive, Report 2005/075, March, 2005, http://eprint.iacr.org/2005/075.pdf.
Zhang-Yi Wang, Huan-Guo Zhang, Zhong-Ping Qin, Qing-Shu Meng. A fast attack on the MD5 hash function. Journal of Shanghai Jiaotong University, 2006, 11(2): 140–145, 151.
Jun Yajima, Takeshi Shimoyama. Wang’s sufficient conditions of MD5 are not sufficient. Cryptology ePrint Archive, Report 2005/263, 2005, http://eprint.iacr.org/2005/263.pdf.
Xiaoyun Wang, Xuejia Lai, Dengguo Feng. Cryptanalysis of the hash functions MD4 and RIPEMD. In Proc. Advances in Cryptology—EUROCRYPT 2005, LNCS 3494, Cramer R (ed.), Springer-Verlag, 2005, pp.1–18.
Yu Sasaki, Yusuke Naito, Noboru Kunihiro, Kazuo Ohta. Improved collision attack on MD5. Cryptology ePrint Archive, Report 2005/400, Nov, 2005, http://eprint.iacr.org/2005/400.pdf.
Additional information
Supported by the National Natural Science Foundation of China under Grant No. 60573032.
Cite this article
Liang, J., Lai, XJ. Improved Collision Attack on Hash Function MD5. J Comput Sci Technol 22, 79–87 (2007). https://doi.org/10.1007/s11390-007-9010-1